Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Strange entry in Firewall log from LAN interface?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 4 Posters 1.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C Offline
      crotalus
      last edited by

      I have been running my PfSense box since January and looking at the logs on several occasions and I have found strange entries. Current release is "2.2.2-RELEASE".

      My LAN addresses are 192.168.20.xxx
      My WAN address from Comcast is 73.217.xxx.xxx

      I find on occasions the following type of entries, and this is one example.

      Interface –-->  LAN
      Source -------> 169.254.119.174
      Destination --> 224.0.0.1

      If my LAN address are in the 192 range how can I be sending something out with a different IP address range than I have on my LAN side? Is this normal? What is going on? If there is somebody wiser than me, maybe they can educate me.

      Thanks!

      Keith

      P.S. The amount of traffic hitting my system is staggering.  I had one attempt from the same IP address incrementing the destination port by a count of one that went on for hours. UGH!

      1 Reply Last reply Reply Quote 0
      • C Offline
        COOL_M_F
        last edited by

        Source –-----> 169.254.119.174
        Is an APIPA address, that means the client didnt get an address from your dhcp server
        See here https://wiki.wireshark.org/APIPA

        Destination –> 224.0.0.1
        Is a broadcast address, its trying to find others on your net to comunicate with.

        you shoult try to find out why its not getting ip from dhcp server

        1 Reply Last reply Reply Quote 0
        • DerelictD Offline
          Derelict LAYER 8 Netgate
          last edited by

          Destination –> 224.0.0.1
          Is a broadcast address, its trying to find others on your net to comunicate with.

          Multicast, actually.

          Chattanooga, Tennessee, USA
          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
          Do Not Chat For Help! NO_WAN_EGRESS(TM)

          1 Reply Last reply Reply Quote 0
          • C Offline
            crotalus
            last edited by

            My DHCP server is the PfSense router/firewall. This is where the ip addresses for the desktop/laptop computers in the house gets their leases.

            I have a few static address that I have set, the PfSense, two small FreeBSD servers, a wireless access point, the managed switch, and three printers.

            I know when this message is produced. It has the same time stamp as the time someone in the house turns on a Windows 7 computer. The Win computer gets a valid lease, 192.168.20.2xx and can connect to the internet OK.

            In my basement I have everything connected to a DLink 24 port managed gigabit switch.

            There is one other event that occurs when the Win computers are turned on. I have Samba set up on the FreeBSD servers for backups, photos, videos, and general storage. The Samba shares do not connect when the Win computers are booted. I have to go in an manual select the network drives to connect them.

            Why this occurs is something I do not know. It would appear that the two events are related.

            Anybody have any ideas?

            Keith

            1 Reply Last reply Reply Quote 0
            • KOMK Offline
              KOM
              last edited by

              Anybody have any ideas?

              Multicast

              http://en.wikipedia.org/wiki/Multicast_address

              http://www.firewall.cx/networking-topics/general-networking/107-network-multicast.html

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.